Core Contracts

Regnum Aurum Acquisition Corp

HardhatReal World AssetsNFT

77,280 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Category Allocations Mutability in RAACReleaseOrchestrator

mill1995

Summary

The RAACReleaseOrchestrator contract's documentation suggests that category allocations are immutable [https://docs.raac.io/core/minters/RAACReleaseOrchestrator?id=notes], while the actual implementation includes a function updateCategoryAllocation that allows the admin to modify these values. Although the function includes basic safety checks, this discrepancy between documentation and implementation could lead to confusion among stakeholders.

Vulnerability Details

The contract implements category allocations with two conflicting approaches:

Initial Setup in Constructor:

constructor(address _raacToken) {

// Initialize category allocations as if they were immutable

categoryAllocations[TEAM_CATEGORY] = 18_000_000 ether;

categoryAllocations[ADVISOR_CATEGORY] = 10_300_000 ether;

categoryAllocations[TREASURY_CATEGORY] = 5_000_000 ether;

// ... other allocations ...

}

Mutable Implementation

function updateCategoryAllocation(bytes32 category, uint256 newAllocation) external onlyRole(DEFAULT_ADMIN_ROLE) {

if (categoryAllocations[category] == 0) revert InvalidCategory();

if (newAllocation < categoryUsed[category]) revert InvalidAmount();

categoryAllocations[category] = newAllocation;

emit CategoryAllocationUpdated(category, newAllocation);

}

Impact

No upper bounds on allocation changes
Exceed intended total supply percentage (65%)
Confusion among stakeholders
Protocol can increase different categories to their benefit which has direct impact on the other beneficiaries stake because it inflates their share

Tools Used

Manual Review

Recommendations

The contract's functionality is sound, but the documentation should be updated to accurately reflect the mutable nature of category allocations or the update function should be removed from the contract. This will ensure transparency and prevent any misunderstandings among stakeholders.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Prize pool breakdown

Total prize

77,280 USDC

nSLOC

3,864

20 USDC / LOC

High Medium

74,000

Low

3,280

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!